pubic sector financial management part 11: audit · 2016-06-15 · pubic sector financial...
TRANSCRIPT
Andrew Graham
School of Policy Studies
Queens University
www.andrewbgraham
PUBIC SECTOR FINANCIAL MANAGEMENT PART 11: AUDIT
“Whenever the advance of civilization brought about the necessity of one man being entrusted to some extent with the property of another, the advisability of some kind of check upon the fidelity of
the former would become apparent.” Richard Brown, The History of Accounting
and Accountants, 1905
4
Alternatively, add a dash of paranoia.. Audit is therefore a risk reduction practice which inhibits the deviant actions of agents.
Michael Power, University of York
5
What Audit is……
Audit is “ the independent objective assessment of the fairness of management’s representations on performance or the assessment of management’s systems and practices, against criteria, reporting to a governing body or other with similar responsibilities.”
CCAF: “Comprehensive Auditing”
6
Individuals or Organizations
Accepting Accountability: Towards Whom Audit is directed
Authority, Power, Resources, Goals
Accountability for Performance, Results and Efficiency
Individuals or Organizations
Conferring Accountability: For
whom audit is performed
Auditors: responsible for auditing units/
organizations on behalf of the conferring
authorities
Audit in the Accountability Relationships 7
Financial and Performance Reporting
8
FINANCIAL AUDIT
PERFORMANCE AUDIT
PROGRAM EVALUATION
Criteria Established in standards, e.g. PSAB
Non-standard, situational
Non-standard, situational, central government policy
Data Collection Systematic, standards
Organized, no standards
Non standardized
Practitioners Certified auditors Mix Mix
Reporting Specified language
General language - mix
General language
Also called Value for Money Audits – more to follow
The Independence of Auditors • Cornerstone of the profession but also of the function • Independence does not mean total separation –
there must be degrees of separation depending on the nature of the audit relationship: internal or external auditors, process auditors versus corporate
• Mixing managerial functions and auditing functions impairs objectivity
• Creating boundaries often a challenge, e.g. risk assessments for development of the audit universe
9
10
Auditors do not manage what they audit
• Managers • Exercise direction • Control • Fix errors • Monitor • Adjust • Evaluate • Respond and act
• Auditors • Review • Assess • Test against
standards • Assess financial
statements • Assess control
systems • Recommend • Advise
11
Both a systems and a transaction focus
• Auditing can focus on a single transaction – either before or after it takes place – this is a probity and compliance focus based on materiality
• Auditing can also focus on a system to ensure that controls are in place and working thereby giving some assurance that the individual transactions are being made properly
• Auditing can also focus on accounting policies to ensure that they provide the greatest transparency and reliability
12
Types of Audits • Time focus:
• Pre-audit: not visible, based on risk, can be automated, closely linked to operations
• Post-Audit: extensive use of sampling, higher visibility, more linked to results including compliance
13
Types of Audits
• Internal: organization is the client, usually the CEO or Board, but can be at a lower level, secure checks and balances within the organization, senior management’s eyes and ears
• External: reporting to the legislature or board of the organization, high degree of independence, generally highly transparent, will have greater focus on overall results and value for money
14
Scope or Purpose of the Audit
• Financial and compliance audits: focuses on the proper conduct of financial operations, either pre or post: • Validity of an individual transaction against criteria for
eligibility • Individual transactions that contain exceptions that should be
reported or forwarded to a higher authority for authorization • Errors, error rates and risk • Adequacy of controls • Fraud, misrepresentation or distortion of financial information • Adequacy of the security procedures
15
But not…. 16
Scope or Purpose of the Audit
• Economy: looks at whether the organization is using the resources that it has in the best possible manner to achieve its objectives
• Efficiency: were the objectives of the organization reached at the lowest cost?
• Effectiveness: were the results obtained consistent with stated goals?
• Sustainability: have the organizations actions and use of resources put it at risk of carrying on or being able to function effectively in the future: also called stewardship
The Start of Value for Money
17
The Role of Risk in Auditing • Determining what gets auditing and by whom can
be driven by many factors: • Public concern • Key stakeholder concerns • Specific senior management or board direction • Materiality
• Sums being spent • Size of the program in terms of people affected or consequences
of error
• Inherent risks
18
Components of Audit Risk
Inherent Risk
Control Risk
Detection Risk
Audit Risk
Susceptibility of an assertion to material misstatement assuming no related internal controls.
Risk of misstatements not being detected by system of internal control.
Risk of misstatements not being detected by the auditor.
Misstatement that remains undetected by the auditor.
Caught by internal controls
Caught by auditor
Undetected misstatement
Total misstatement
Controlling Risk ?
Start with Materiality
• Materiality should be considered by the auditor when: • determining the nature, timing and extent of audit
procedures and • evaluating the effect of misstatements
21
Materiality Measured or Perceived • A matter is considered
material if its omission, concealment or misstatement could influence the decisions of users of the financial statements that were taken on the basis of the financial statements.
• Some items can be material because of their sensitivity or by their context, even though they may be small in value.
22
Types of Material Risk • Inherent risks of the program: potential for error,
complexity of calculations • Control risks: extent to which controls are in place to
mitigate inherent risk and the extent to which they actually work
• Detection risks: use of audits to detect possibility of overlooking a potential error or flaw, even though the evidence of one is not strong
23
24
The Objective of Risk-Based Planning
Target audit resources where risk is greatest!
Probability
Impa
ct
HL
H
Source: A Guide to the Use of Risk Management Within the Internal Audit Process ©2002 – The IIA – Australia
Internal auditors can add value by:
• Reviewing critical control systems and risk management processes.
• Performing an effectiveness review of management's risk assessments and the internal controls.
• Providing advice in the design and improvement of control systems and risk mitigation strategies.
• Implementing a risk-based approach to planning and executing the internal audit process.
• Ensuring that internal auditing’s resources are directed at those areas most important to the organization.
• Challenging the basis of management’s risk assessments and evaluating the adequacy and effectiveness of risk treatment strategies.
Internal auditors can add value by:
Comparing Internal and External Audit
External or Outside
• Normally statutory requirement
• Reports addressed to parties outside the organization, e.g. legislature or board
• Reports are public documents
• Reports do not make corrective recommendations, except in Management Letter
• Focus on compliance, value for money, procedural adherence, efficiency
Internal
• Created by internal policy, either central or in operating unit
• Addressed to management
• Reports accessible, but primary use is internal
• Reports make recommendations
• Focus on control systems, compliance, value for money and procedural adherence.
28
EXTERNAL AUDIT The Rise of the Value for Money Audit and the Audit Explosion
29
External Audit and Review
• Legislative Auditors: reporting directly to the legislature, they manage the auditor general function of the government: Auditor General, Provincial Auditor, City Auditor (less clear
• Inspection and Monitoring Units: e.g. Best Value Inspectorate, UK, MPMP, Ontario, Vermont Social Wellbeing Index
• External Audit Firms
30
External Review • Not part of the government or organizational
hierarchy – accountable to the legislature/city council or board of directors
• Roles: • Reliability of financial statements • Adequacy of management systems and practices • Legal compliance for procedures • Value for money • Specific audits as directed by the legislature
31
Value for money
33
Value for Money Audits Economy and efficiency audits include determining:
• whether the entity is acquiring, protecting, and using resources economically and efficiently
• the causes of inefficiencies or uneconomical practices, and • whether the entity has complied with laws and regulations concerning matters
of economy and efficiency
Not a policy review and not a formal evaluation.
34
Value for Money Audits • VFM audits:
• Effectiveness or program audits include determining: • the extent to which the desired results or benefits established by the
authorizing body are being achieved
• the effectiveness of organizations, programs, activities or functions, and • whether the agency has complied with laws and regulations
applicable to the program
35
Differences Between Traditional Auditing and VFM Auditing
• In traditional audits, the objective is to render an opinion on the financial statements.
• In VFM audits, the mandate may provide the auditor with discretion to establish the audit objectives and scope.
• In VFM audits, the objectives and scope vary from one audit to another.
• In VFM audits, much of the audit focuses on matters that are not necessarily financial.
• There is no body of standards like GAAP to refer to in VFM auditing.
36
Differences Between Traditional Auditing and VFM Auditing
• The nature and sources of evidence may differ between VFM auditing and traditional auditing.
• VFM auditing will tend to make greater use of a multidisciplinary team.
• VFM audits may not relate to a standard time period, such as year end.
• There are no standard audit reports for VFM auditing.
37
Differences Between Traditional Auditing and VFM Auditing
• VFM audits use the concept of “significance” rather than materiality.
• Significance is based on consideration of • financial magnitude • importance • economic, social and environmental impact and • previous VFM recommendations
• The concepts of audit risk, inherent risk, and control risk take on unique meanings in a VFM audit.
Third Party Accountability • Contracting for services is hardly new, just more prolific
now • While challenges exist to establishing both accountability
and audit requirements, they are not insurmountable. • They are not negotiable in the public sector
accountability context. • Need to be built into the contracting process.
38
Third Party Accountability • Have to assume that contractors will take a different
perspective on accountability than a public sector organization
• Similarly, public sector accountability is not costless to contracting organizations – in fact, it can be quite burdensome.
39
Third Party Accountability • Ultimately, governments and contractors need to
meet the public accountability needs, but with some important features to the relationship: • Clear statements and agreements on the desired outcomes
or deliverables • Clear definitions of accountability of all parties involved • Good costing and costing methodology to respond to
changes • Good contract design and contract administration • Clear reporting protocols • Effective contract governance • Post-contract evaluation
40
Is Performance Auditing all that it is cooked up to be? • Christopher Pollitt and Robert Mul conclude that the
efficiency and effectiveness ‘have been much less frequently investigated than issues of management practice and procedures’ in performance audits.”
• In other words, is all this talk about value for money really just another form of dressed-up audit findings?
41
Emergence of Continuous Auditing
• Audit performs auditing activities on a continuous basis of key high risk areas
• Makes use of data extraction capacity of financial systems
• Shift from cyclical or episodic reviews to continuous – in real time
• Still GAAP • Advantages/disadvantages? • What does this do to management control, now
starting to be call continuous monitoring?
42
So What Did One Federal Department Focus on for Continuous Audit?
43
Acquisition Cards
Travel
Supply Arrangement Payments
Contracting
Hospitality
Payroll
44
Continuous Audit
Continuous Monitoring
The Audit Explosion • A 21st century phenomenon • A social phenomenon: as we understand risks more
we demand great control – audit follows naturally • Increasing focus on systems of control over individual
controls • The infallibility of auditors – who is watching the
watchers?
45
The Audit Explosion: What’s going on here? • Performance auditing pushes into program
evaluation • Continuous audit pushes into managerial monitoring
and control • The emergence of the ‘accounting officer’ and the
search for audit comfort • Need to control the auditors – Audit Committees
46
“It may be that the audit explosion signifies a displacement of trust from one part of the economic system to another; from operatives to auditors.” Michael Power, The Audit Explosion
47
• ‘The new accountability has quite sharp teeth. Performance is monitored and subjected to quality control and quality assurance. The idea of audit has been exported from its original financial context to cover ever more detailed scrutiny and non-financial processes and systems. Performance indicators are used to measure adequate and inadequate performance with supposed precision. This audit explosion…. has often displaced or marginalized older systems of accountability’
(Onora O’Neill. A question of trust. Cambridge Unit Press ).
48
Can auditing go back?
49
On that happy note, remember, In God we trust.
Everyone else we audit.
827 FOR 2016 IS GOING DOWN
THE ROAD…